eJPTv2 vs eJPT
A new eLearn Security Certification has arrived, eJPTv2, replacing the well known eJPT, eJPT will not longer be available. Today we are going to see which are the differences between the old eJPT and the new eJPTv2. We are going to talk about price, content, type of exam and I will also give my experience about my eJPT exam.
What is eJPT(v1/v2)
eJPT is a certification designed to be the first milestone for junior pentesters. As we will see later, this certification is 100% practical and you will need to show your skills in order to prove if you have what it takes to be part of a winning penetration testing team!
This certification covers essential penetration testing skills and concepts, including Assessment Methodologies and Enterprise Auditing with Host, Network, and Web Application Penetration Testing.
You don’t need previous experience to jump into this certification.
You can get your exam and expand your information in the eLearnSecurity webpage.
What’s new on eJPTv2?
If we check the INE training of the eJPTv1 and eJPTv2 we can see the following differences.
New on eJPTv2 INE course:
- Exploitation of web app with XSS.
- Pivoting by port forwarding.
- Gathering email addresses from public sources.
- Gathering technical information from public sources.
We don’t have a prerequisites section into the eJPTv2 site, but we can deduct from the INE training that port forwarding and exploit modification, are the new skills needed in order to pass the exam, I don’t think that OSINT techniques will be needed in the exam, but I always recommend to follow the INE course.
Price
Price has also changed in this new eJPT version.
The original eJPT cert exam price was 200$ and the new eJPTv2 price is 250$, cause the INE training is not longer free, so now is 50$ more expensive.
The 250$ exam voucher includes 3 months subscription to INE, so you can study the exam preparation course, after these 3 months, you will be charged 39$ per month if you want to continue having access to the course.
Knowing this, you need to make your exam in 3 months after buying the exam voucher, if not you may need to pay one month of INE subscription before doing it, if you want to follow the course.
eJPTv1 training was free, so this version is more expensive, anyway if you already have an INE susbcription the exam will cost 200$ for you.
Exam
All eLearnSecurity exam vouchers have 6 months of validity, so you have 6 months to prepare your exam, but remember that INE training will only be available for 3 months, I recommend you to take the exam in the firsts 1/3 months, in order to take advantage of the course, but you can always prepare it by yourself if you wish.
In the eJPTv1 you had 72 hours to complete the exam, by answering 20 questions, in this new eJPTv2 cert, you will have 48 hours to complete the exam, which will be composed of 35 questions related to your exploitation.
In order to take the exam, you will need to login into eLearnSecurity webpage and start the exam lab located in the exams category.
In the following photo, you can see the amount of correct answers needed in order to pass the exam:
The eJPTv1 cert has no expiration date, but this new eJPTv2 is only valid for 3 years from the date awarded, after this 3 years, you will be needing to repeat the exam in order to renew your certification.
As in eJPTv1 if you are not successful on your first attemp, you will have another opportunity to retake the exam.
What you need to know (My experience).
I passed the eJPTv1 a month ago, and I will tell you what you need to know in order to pass the eJPT cert.
I didn’t do the eJPTv2 exam, but as far as I can see, the content is almost the same, so this information will be useful to everyone who want’s to get certified.
What you must know in order to pass the exam:
- Deep understanding of networking concepts (Check ARP protocol, and understand communications between computers in Wireshark cap files).
- Simple manual web application security assessment and exploitation (Learn to identify OWASP top 10 vulns and Web assessment).
- Basic vulnerability assessment of networks (OWASP top 10 vulns).
- Using Metasploit for performing simple attacks (Learn how to use metasploit properly to identify and exploit targets).
- Web application manual exploitation through attack vectors (Not needed if you know how to use Metasploit Properly) .
- Ability to perform protocol analysis of a traffic capture. (As mentioned before, this is very important, identify networks and hosts via Wireshark cap files).
- Understanding of information gathering techniques (Nmap and other type of scanners).
- Understanding of the penetration testing process (You need to follow a good methodology).
- Learn how to perform pivoting and port forwarding (With metasploit or with any other tool you like).
- You must know how to perform brute force attacks (Hydra is enough).
- Upload/Download files from the victim and hash cracking (Important).
Machines you should do (You can skip them if you already know how to use this tools):
Hydra 1, and practice in other CTFs.
Wireshark 1 2 3 Overpass 2 wireshark level is higher than the required for the exam.
SQLi 1
SQLmap 1, practice also SQLi in other CTFs.
John 2, you can also learn how to use hashcat if you wish.
Blue machine from Tryhackme or Hackthebox is highly recommended, you should also do easy/medium machines in both sites to prepare your exam.
You have enough time to complete the exam, so don’t be nervous, stay calm and make pauses if you need it, the exam is not a ctf, you will have to collect the information requested in the questions.
I hope this post has helped you to learn and prepare the eJPTv2.
Merry Christmas to everyone!.